[SOLVED] Hey! I didnt I just kick you out?

[NorthWestSimulations]

Okay.. Interesting title, I know. Im awesome like that. Heres my problem

 

My website: http://www.nwsim.com/

 

Has a login form. (I know the website is pale. I just started working on it a few moments ago...) But is there a way for me to make a thingy that allows a person to attempt to login 3 times and if they get it wrong the 4th time it bans them from the login system for oooh... I dont know? 5 minutes?

[amites]

yup, probably best off using Session vars

[NorthWestSimulations]

yup, probably best off using Session vars

 

Yes but session variables are being used for the overall login process. Someone who ha failed the authenication attempt could simply visit http://www.nwsim.com/index.php?action=logout and completly delete there session data. I need something that stores there IP in a database and stuff... Then if $Current_time >= 5 minutes deletes it.

[trq]

Well you can find a user ip using $_SERVER['REMOTE_ADDR'] then insert it into the database using mysql_query. All you'd need to do then would be to add a timestamp to a database field and check to see if its older than five minutes.

[Lodius2000]

goin with what thorpe said... then you need a cron script to clean out that db table of all rows older than 5 mins so that that table doesnt get too huge

[Philip]

yup, probably best off using Session vars

 

Yes but session variables are being used for the overall login process. Someone who ha failed the authenication attempt could simply visit http://www.nwsim.com/index.php?action=logout and completly delete there session data. I need something that stores there IP in a database and stuff... Then if $Current_time >= 5 minutes deletes it.

 

Or you could check to make sure a correct session (like user id) is in place before destroying the session, otherwise forward them back to the main page. DB would work too, to add onto what thorpe is saying, I would add in username, and have it lock that account, so you can't try to access that account on any computer for X minutes after X tries.

[NorthWestSimulations]

Hmm, Interesting... So it would be like every time someone attempts a login it is a $x++; which would update over the acc. if the likit was equal to or greater than 3 then it would lock the acc and insert a time stamp. Then I would use Cron(); to delete that data after a certain time. Or have the script see if current timestamp is greater than +5 minutes.

 

Hmm... I think I got it.

[ialsoagree]

Cron's are not necessary.

 

You can have a script run at the beginning of every page prune the database of old session or login information as needed. If it does this first thing, it's like the values were never even there when your user came to the site, nothing will be able to view them before they're deleted.

[Lodius2000]

Cron's are not necessary.

 

You can have a script run at the beginning of every page prune the database

 

yeah but that adds unneccesary overhead to the page load of an undeserving user, where a cron once/twice per day (based on traffic) would prune a db table before it got too large to actually slowdown the site, and it wouldnt be an extra load on a user

 

but i see what you mean because if you are logging in for the second time since cron was last run, the db row with your name in it will probably have to be deleted anyway

[NorthWestSimulations]

I searched in google. Couldnt find a straight foreward answer. Anyone here wanna give me a link or quickly tell me how crons work and write or supply a link to an example?

[Philip]

Well, it really depends on your hosting. What do you have?

 

(if you have a cPanel backend, take a look here - it's pretty basic)

[Lodius2000]

cron runs on linux servers, you host's tech support can probably help you set it up... it is a command to direct the internal browser of the server your site resides on to an address you choose. so you make a cron.php that does what you want it, usually db maintinence/backup and then point your cronjob there and it accesses the page whenever you want it to. rather than you having to go to your cron.php from your computer each day

 

heres my cron script, it is run at 4am every morning and it backs up my db

 

<?php
include ('../../dbbackups/config.php');

$backupFile = '../../dbbackups/' . date("Y-m-d") . '.sql.gz';
$command = "/usr/bin/mysqldump -h$dbhost -u$dbuser -p$dbpass $dbname | gzip -c > $backupFile";

$backup =`$command`; 

?> 

[NorthWestSimulations]

OKay guys, I Think I got it. One last question before i leave you for the night. What do you think of Startlogic Web hosting... I know its not as good as the WebFreaks... But... Whats your oppinion?

[Philip]

I think you're about to get 50 different answers, lol

 

Web host list, another topic about this very thing.

 

Personally, I do site5. Never had a problem

[Lodius2000]

Startlogic Web looks pretty good to me

[NorthWestSimulations]

Thanks everyone. Im sure your all glad as I am to mark this "TOPIC SOLVED"

 

Everyone who helped me out today. Feel free to grab a a couple Brownie points from that Jar over there tonight before you log out...